nftables and libvirt bridge network

To: debian-user@lists.debian.org
Subject: nftables and libvirt bridge network
From: Benedikt Tuchen <benedikt.tuchen@mailbox.org>
Date: Sun, 8 Dec 2019 11:36:39 +0100
Message-id: <[🔎] 20191208103639.GA3139@imap.mailbox.org>
Mail-followup-to: debian-user@lists.debian.org

Hello,

I use nftables as my firewall and setup the nftables.conf today. My
firewall rules are based on whitelisting. Everything is dropped from
INPUT and FORWARD as long as there is no specific rule for it. For
my libvirt network interface virbr1 there are also some rules. I
enabled the nftables.server so my firewall gets setup on startup.

Now there is a problem. The libvirt network interfaces are not
available this early in boot state. The nftables.service fails
because it can't find the virbr1.

UNIT settings for the nftables.service:
   Wants=network-pre.target
   Before=network-pre.target shutdown.target
   Conflicts=shutdown.target

What is a good way to fix this problem?

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: nftables and libvirt bridge network
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Re: [OT] Google security (was: dropbox security situation)
Next by Date: Re: [OT] Google security (was: dropbox security situation)
Previous by thread: AppArmor profiles for firefox on Buster
Next by thread: Re: nftables and libvirt bridge network
Index(es):
- Date
- Thread